<img src="https://ws.zoominfo.com/pixel/pIUYSip8PKsGpxhxzC1V" width="1" height="1" style="display: none;">

Brokered Deposits & Vendor Management

3 min read
May 10, 2019

Brokered deposits are a popular way for well-capitalized banks to increase deposits—but they also come with additional regulatory scrutiny. As the industry pushes for more flexibility to make it easier to work with deposit brokers, bankers can help make their case with strong vendor management.

Vendor management is a must for any third-party vendor, and that’s especially true for brokered deposits. The definition of a “deposit broker” is broad, making many parties a de facto third-party vendor. Anyone “engaged in the business” of placing or facilitating brokered deposits is considered a deposit broker. That can even include government agencies with benefit programs that provide debit or prepaid cards.

With so many potential deposit brokers, which also classify as third-party vendors, following vendor management regulation and guidance for these parties is a must. Failing to risk assess and monitor a vendor can only lead to trouble.

The good news is that basic principles of vendor management don’t just make it easier to comply with third-party vendor regulation—they also make it easier to comply with regulations related to broker deposits, demonstrating that banks are carefully measuring, monitoring and controlling the risks. This transparency and oversight can only help banks in their efforts to expand access to broker deposits.

Banks may think of brokered deposits from a retail perspective due to the focus on anti-money laundering phrases like "customer due diligence.”  But if you dig into regulatory expectations, there’s a lot of overlap with vendor management principles.

Just take a look at the FFIEC’s Bank Secrecy Act Anti-Money Laundering Examination Manual. It instructs examiners to “assess the adequacy of the bank’s systems to manage the risks associated with brokered deposit relationships, and management’s ability to implement effective due diligence, monitoring, and reporting systems”. (Emphasis added.)

It goes on to encourage banks to have a “signed contract that sets out the roles and responsibilities of each party” and “take particular care in their oversight of deposit brokers who are not regulated entities.”

Now let’s take a look at the four elements of a third-party vendor risk management compliance program as defined by the FDIC. It includes:

  • Risk assessment
  • Due diligence
  • Contract structuring and review
  • Oversight

Sounds familiar, doesn’t it?

Risk assessment

Brokered deposits pose a risk of OFAC violations if the bank does not know the true beneficial owner of the account. This requires the bank to have policies, procedures, and processes to mitigate risk and identify particularly high-risk brokers such as those that are “unknown, foreign, independent or unregulated.”

Similarly, the FDIC requires banks to identify significant (aka high-risk or critical) vendors and have the resources to assess the relationship. It also encourages banks to analyze the “benefits, costs, legal aspects, and the potential risks” of a third party to see if the potential risks fall within the institution’s comfort zone and are consistent with the financial institution's plans and strategies. That’s a smart activity for any business line.

Due diligence

The FFIEC says bank due diligence should include determining if a deposit broker is legitimate in all its markets, reviewing its business strategies, and evaluating its compliance with BSA/AML and OFAC policies.

Similarly, the FDIC says third-party vendor due diligence should include the vendor’s financials, experience, legal and regulatory knowledge, reputation and “the scope and effectiveness of its operations and controls.”

Contract structuring and review

The FFIEC says that having a signed contract that “sets out the roles and responsibilities of each party and restrictions on types of customers” can reduce the inherent risk in deposit broker relationships.

That’s much like the FDIC Compliance Exam Manual which requires a written contract with clearly defined contract standards, frequency and types of audits and reports, and default, termination and dispute resolution provisions, among others.


The FFIEC says “Banks should also monitor existing deposit broker relationships for any significant changes in business strategies that may influence the broker’s risk profile. As such, banks should periodically review and update each deposit broker’s profile to ensure an appropriate risk assessment.”

The FFIEC specifically mentions being wary of brokers that won’t provide audit and due diligence information before placing deposits.

That sounds an awful lot like the FDIC’s mandate that banks periodically review vendor operations to ensure that the vendor is controlling risk and living up to contract terms. This should include monitoring “quality of service, risk management practices, financial condition, and applicable controls and reports.”

Vendor management of broker relationships

As third-party vendors, brokered deposits require vendor management. But from a strictly brokered deposit regulation perspective, the regulations for brokered deposits have a lot in common with vendor management, with the need to systematically manage relationships with documented policies and procedures, from risk assessment through ongoing monitoring.

For this to happen effectively and efficiently, banks should adopt vendor management principles for managing broker relationships. There are too many moving pieces and procedures that must be executed and documented, and the risk of regulatory issues is too great for a casual approach.

Leveraging existing vendor management systems to assess risk and ensure consistent due diligence and monitoring that complies with broker dealer regulation and guidance is a smart way to make the most of vendor management while reducing compliance risk for brokered deposits.


Related: Vendor Risk Countdown: Top 10 Risks Third-Party Vendors Pose to Your Financial Institution

Subscribe to the Nsight Blog